Find Empty Groups In Active Directory Using PowerShell


You will be able to find groups from your domain by using the below PowerShell Script, It will scan AD and export its findings to a CSV file.

Please note you will need to change the export directory to one that suits you.

Import-Module activedirectory
Get-ADGroup -Filter * -Properties Members | where {-not $_.members} | select Name | Export-Csv D:\emprtygroups.csv –NoTypeInformation

To find empty groups from any specific OU present in other domain:-

Import-Module activedirectory
Get-ADGroup -Filter * -Properties Members -searchbase “OU fqdn” –server  | where {-not $_.members} | select Name | Export-Csv D:\emprtygroups.csv –NoTypeInformation

Active Directory

Export a list of members from an Active Directory Security Group into a .txt File


I needed to export a list of all the members in an active directory group today. Here are two methods which work well. The first example uses the net group command. In both examples ‘Group Name’ is the name of the group that you want to export the member list for, and memberlist.txt is the name of the output file.

net group “Group Name” /domain > C:\temp\memberlist.txt

The second example uses dsquery and dsget, which will return the full distinguished names of the user objects that are members of the group. This could be useful if you also need to know which organizational unit the members accounts reside in.

dsquery group -name “Group Name” | dsget group -members > memberlist.txt

Active Directory

How to: Fix Access Denied Message When Attempting to Move Objects in Active Directory


When trying to move an OU in Active Directory, you get this error:

Active Directory Domain Services

Windows cannot move object “OU” because:
Access is denied.

This is either because Protection from accidental deletion is turned on for the OU you are trying to move, or because you have delegated rights, but no permission to move the OU.

In order to fix this, click on View > Advanced Features and then right-click > Properties on the OU – When the window appears click on Object and untick the “prevent from accidental deletion” box.


If this box has already been unticked then you will need to amend permissions for that OU. Right-click > Properties on the OU and a window will open.

Click on the Security tab and then Advanced, you will need to add your account or group and give it your desired permissions.

This should resolve your issue.


Active DirectoryTips

Create Local Administrator Security Group with GPO


If you want certain members to be local administrators of computers, you can do it through Group Policy. The idea here is to create a Local Admin security group and then a GPO that adds that security group to the local Administrators group of the computer.


  1. Open Active Directory Users and Computers
  2. Select your Security Group OU
  3. Right Click and select New > Group
  4. Give the Group a name, I used “Helpdesk_Engineers”